Trends and future developments
Crime
An unlawful act that merits a punishment, usually in the form of a fine or punishment
To be convicted of a crime, certain conditions must be met
The crime should take the form of an action. A person cannot be convicted of a crime just because he/she is thinking of committing a crime
There is no crime without intent. The criminal act must be voluntary or purposeful
For an act to be a crime, both the act and the intent must occur at the same time
Offences against an individual
While offences against an individual such as homicide or manslaughter can occur in the workplace, it would be very difficult to charge an organisation with either crime.
In addition to proving that actions of a specific individual led to a person's death, it has to be proven beyond a reasonable doubt that these actions were for the benefit of the organisation and within the scope of the employment contract of the offender
Workplace violence against an individual can also take the form of harassment, intimidation or other threatening behaviours. Victims of violence would generally be entitled to receive monetary compensation.
Offences against property or services
Larceny, embezzlement, robbery, fraud and false pretences are all examples of theft.
Employee theft can damage an organisation financially unless it is covered by insurance; it can also harm the organisation's reputation
Cyber crime is a relatively new but growing threat involving third parties using a computer to commit a crime
Violation of laws
Violation of certain laws can be considered a criminal offence
Countering workplace crime
To prevent crime in the workplace, organisations increasingly employ specialist firms to run extensive background checks on new applicants, including criminal checks
Clear organisational policies, checks and procedures as well as continuous training for employees, all reduce opportunities for theft.
Regular audits of areas that are responsible for handling money, payroll, invoices and receipts also help to identify gaps and early warning signals.
Financial crime
Financial crime covers any type of criminal conduct that relates to money, financial services or financial markets
Any organisation that handles significant amounts of cash, including charities, housing developers and associations, estate or rental agencies and those involved in the sale or purchase of high value goods may be exposed to proceeds of crime related risks
Financial crime risks have three main impacts on an organisation
Direct financial loss as a result of an employee or external party committing fraud
Reputation and brand loss where adverse publicity may damage the public image of the organisation
Legal and regulatory sanctions due to a breach of financial crime laws and regulations
AML
Regulated organisations that do not implement compliant controls or which permit money laundering deliberately or by error or omission can face serious sanctions, including large fines and the imprisonment of senior staff and directors
In the UK and Ireland, new AML regulations came into force in 2017 - this was superseded by the Sanctions and Anti Money Laundering Act 2018
The regulation enhanced the rules in relation to
CDD
Further limitations on the ability to rely on third party AML controls
The provision of electronic money and pre-payment cards
Improving the financial transparency of beneficial trusts
The enforcement of sanctions against non-compliant organisations
AML & CFT Controls
The starting point is identifying and assessing potential risks followed by monitoring and controlling them
An organisation must determine whether and how their products and services could be used to launder money or to support the funding of terrorism
Once risks have been identified and assessed, appropriate controls and monitoring arrangements must be put in place
Developing appropriate policies and procedures to help co-ordinate control activities
Establishing roles and responsibilities which may include appointing a MLRO
Reporting any suspicions of ML or TF to the relevant authorities
Establishing due diligence arrangements
Monitoring of transactions to search for suspicious activity
Maintaining appropriate KYC records and checks
Reporting suspicious activity to the MLRO
Establishing dual control and segregation of duties controls to help prevent collusion
Training for employees
AML and CFT compliance reviews and internal audits
Reporting suspicious activity or transaction
In the UK, SARs need to be submitted to the National Crime Agency
In the UK, SARs can be submitted via a secure online system with telephone support
Each time a suspicious activity is identified, the nominated officer provides information on
The type and nature of the suspicion
Date and location of the event
Whether the individual is believed to be a suspect or victim
The personal details of the individual engaging in the activity
Bribery and corruption
The UK Bribery Act 2010 established a liability for organisations whose employees commit an act of public bribery or business-to-business bribery anywhere in the world
Organisations are expected to implement internal control mechanisms based on 6 principles
Proportionality
Top level commitment
Risk assessment
Due diligence
Communication
Monitoring and review
Internal controls should reflect the size and the risk profile of an organisation
As responsibility for compliance with applicable laws and regulations starts with the top, senior management should actively promote a zero tolerance policy towards bribery and corruption by any individual within the organisation
Organisations should be proactive in researching and identifying the risks they may face in the markets in which they operate
Organisations are responsible for communicating policies and procedures to their employees and to third parties who represent and perform services for the organisation - this includes mandatory training procedures
An organisation that has implemented adequate internal controls prior to the occurrence of an offence can shield itself from corporate liability (responsibility for the offences of an employee or a third party acting on its behalf)
Political risk
Political risk refers to the risk an organisation may face as a result of political changes or a political instability in a country
Political risks are extremely hard to predict and manage, are more common in developing economies and can lead to substantial strategic, financial and employee (labour) losses for an organisation
A high degree of political freedom in a country does not directly translate to a low level of political risk.
Political risks are often grouped into two categories: macro and micro risks - the consequences of macro risks are not organisation specific and will affect the whole country. Micro risks are specific to an organisation or a project carried out by an organisation
Organisations manage political risks by first defining the appetite for such risks within their strategic framework
It is important to conduct the appropriate cost benefit analysis of political risks as some risks may be worth taking
Risks that cannot be mitigated should be monitored and regularly reviewed by both management and the board
It is also important that policies and procedures related to political risks are clearly communicated and enforced within the organisation
Corporate gifts
The giving and receiving of gifts has always been part of corporate life
To ensure that a corporate gift does not constitute a bribe, the Bribery Act 2010 guidance put significant restrictions on the value and the timing of corporate gifts and related hospitality actions
People risk
Behavioural risk management is focused on managing the individual and collective behaviour of an organisation's employees
Behaviour risk management targets the attitudes, perceptions and relationships of an organisation's employees promoting 'good' behaviours that help the organisation to achieve its objectives, and preventing bad behaviours that can lead to a variety of risks
Behavioural risk
Behavioural risk arises from negative employee behaviours. Negative behaviours may include
Negligence and criminal behaviours
Aggression and bullying
Lack of concern for health and safety or environmental protection
A focus on short term rewards over long term benefits
Ignoring policies and procedures
An unwillingness to communicate or to listen to the advice of others
Pursuing personal objectives at the expense of organisational ones
Common sources of behaviour risk
Bullying
Negligence
Refusing to follow a policy or procedure
Neglecting assigned duties and responsibilities
A general lack of care and attention
A lack of concern for others and their needs
Not following the instructions of a line manager
Information leaks
Criminal activity
Effects
Financial: Behavioural risks such as theft and fraud can cost significant amounts of money
Legal and compliance: Bad employee behaviours can result in a range of legal and compliance effects, including court cases, supervisory intervention, the loss of an operating licence, fines and criminal sanctions
Morale of employees: Bad behaviours can affect employee morale across the organisation. Behaviours such as bullying can be especially damaging to employees
Reputation: High profile behavioural risk events can lead to extensive adverse media attention. Socially aware stakeholders may also be reluctant to engage with organisations that allow bad behaviours in areas such as bullying, financial crime or health and safety management
Managing behaviour risk
Recruitment controls
Effective recruitment controls reduce the potential for recruiting employees likely to exhibit bad behaviours
Psychometric tests may be used to test the psychological tendencies of employees, such as their attention to detail
References and criminal record checks may reveal applicants with a previous history of bad behaviour
Probation periods may be used to address actual bad behaviours during the initial months of employment
Codes of conduct
Make clear the standards of behaviour that are expected
Non-compliance with a code of conduct may lead to disciplinary action and ultimately dismissal
Risk culture
The risk culture of an organisation is a subset of its wider organisational culture
Assessing and controlling the risk culture of an organisation can help to manage behavioural risks. Examples of controls that can influence employee behaviours include
The tone from the top, where senior managers and directors reinforce the standards of behaviour that are expected
Disciplinary and grievance process, providing they are followed correctly and consistently
Performance reviews, which focus on behaviours as well as operational performance
Training initiatives that look to influence employee behaviours
Climate change risk
In 2018, the Bank of England launched a consultation into how financial services organisations based in the UK are managing climate change risk
According to the BoE, climate change presents financial risks that can impact organisations through two main channels: the physical effects of climate change and the impact of changes associated with the transition to a lower carbon economy
Physical risks arise from changing climate conditions and extreme weather events such as hurricanes, droughts, floods, storms and a rise in sea level
These can potentially result in large financial losses for organisations especially if these losses are not insured
Transition risks, on the other hand, arise from the process of organisations adjusting towards a greener (lower carbon) state
Changes in government climate policy, technology or market sentiment could prompt a reassessment of a large range of assets as changing costs and opportunities become apparent
The BoE expects organisations to identify a senior manager with responsibility for managing the financial risks posed by climate change with clear board level engagement (a designated board member to oversee risk management and disclosures relating to climate change)
Asymmetric risk
The asymmetric threat is a low resource attack that has large consequences
A cyber attack launched by one person or a small group of individuals that causes a significant operational disruption for a target (organisation) is an example of such a threat. In this context, the perpetrator has an unfair (asymmetric) advantage over its victim
Reputation and resilience
Much risk management activity is focused on anticipating risk events, their causes and effects with the aim of reducing their probability and impact
In the case of emerging risks there may not be sufficient information to anticipate and control all possible events
Where risks cannot be anticipated, the alternative is to build resilience
A resilient organisation is able to respond to unanticipated risk events to help mitigate their effects
The aim is not prevention but effect reduction
Resilient organisations
Accept that they cannot anticipate every risk event, especially when dealing with emerging risks
Prepare for the unexpected by designing effective crisis management and business continuity arrangements
React quickly when surprised by new events, taking action immediately
Invest in effect reduction tools, including PR management to control media reaction
Learn from past events, including their successes and failures in managing these events
Shareholder activism
Shareholder activism has been on the rise over the past few years often taking organisations by surprise
Shareholder activism refers to a range of activities by one or more of a publicly traded organisation's shareholders that are intended to result in some change in the organisation
A wide range of investors participate in activism, including traditional asset managers, mutual funds, pension funds and individuals
The extent of requested changes is driven by the type of the activist shareholder. Examples of activism-related changes include
Changes to the board's governance policies or practices, or a change to the board composition
Changes to executive remuneration plans
Change to the oversight of certain functions
Change to the organisation behaviour
Changes to the share buyback and share dividend programmes
Changes to the divestment strategy
Fending off an attack from activist investors can be a time consuming, destructive and widely publicised exercise
Without a proper evaluation of the shareholder proposal, organisations run a high risk of prioritising short-term gains over long-term health and growth
To prepare for shareholder activism, organisations need to better understand whether they can be at risk of an activist event - common risk factors include
A low market value relative to the book value
Prolonged underperformance relative to peers
Excessive cash on hand that has not been re-invested
Parts of the business that do not align with the overall strategy
Failure to meet basic corporate governance and ESG practices
Well advised and well informed boards will take a less reactive response when dealing with activist shareholders, finding opportunities to better control the overall process and leverage their key stakeholders. Well handled activist campaigns will maintain the credibility of the board in the face of often negative publicity and it is crucial that board members are engaged with the executive team and key stakeholders